Direct Connect

Service Overview

Issue 01

Date 2022-01-30

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2022. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without priorwritten consent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respectiveholders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei andthe customer. All or part of the products, services and features described in this document may not bewithin the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,information, and recommendations in this document are provided "AS IS" without warranties, guaranteesor representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. i

Contents

1 What Is Direct Connect?........................................................................................................ 1

2 Product Advantages................................................................................................................ 3

3 Application Scenarios............................................................................................................. 4

4 Network Planning................................................................................................................... 6

5 Notes and Constraints............................................................................................................ 9

6 Direct Connect Locations.....................................................................................................11

7 Billing....................................................................................................................................... 14

8 Permissions............................................................................................................................. 17

9 Integration with Other Services........................................................................................ 21

10 Basic Concepts..................................................................................................................... 2310.1 Connection............................................................................................................................................................................ 2310.2 Virtual Gateway.................................................................................................................................................................. 2410.3 Virtual Interface.................................................................................................................................................................. 2410.4 Region and AZ..................................................................................................................................................................... 24

Direct ConnectService Overview Contents

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. ii

1 What Is Direct Connect?

Direct Connect allows you to establish a high-speed, low-latency, stable, andsecure dedicated network connection that connects your on-premises data centerto HUAWEI CLOUD. Direct Connect allows you to maximize legacy IT facilities andleverage cloud services to build a flexible, scalable hybrid cloud computingenvironment.

Figure 1-1 shows how Direct Connect connects an on-premises data center to thecloud.

Figure 1-1 How Direct Connect works

Why Direct Connect● Network quality: Direct Connect allows you to establish a dedicated network

for data transmission, which brings high network performance, low latency,and excellent user experience.

● Security: Direct Connect establishes private connectivity between your on-premises data center and the cloud. Data is transmitted over a dedicatedconnection, ensuring data security.

● Transmission speed: A connection supports a maximum of 100 Gbit/sbandwidth, meeting various bandwidth requirements.

Components

Key components for you to use Direct Connect are a connection, virtual gateway,and virtual interface.

● Connection

Direct ConnectService Overview 1 What Is Direct Connect?

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 1

A connection is dedicated network connection between your premises and aDirect Connect location over a line you leased from a carrier. You can create astandard connection by yourself or request a hosted connection from apartner. After you are certified as a partner, you can also create an operationsconnection.A standard or operations connection has a dedicated port for your exclusiveuse and can be associated with multiple virtual interfaces.A hosted connection allows you to share one port with others. Partners withoperations connections can provision hosted connections and allocate VLANsand bandwidths for those connections. You can request hosted connectionsfrom these partners, and only one virtual interface can be created for ahosted connection.

● Virtual gatewayA virtual gateway is a logical gateway for accessing VPCs. Each VPC can haveonly one virtual gateway associated. However, a virtual gateway can beassociated with multiple connections. If you have multiple connections andhope to access one VPC, you can associate your connections with the samevirtual gateway for accessing the same VPC.

● Virtual interfaceA virtual interface serves as an entrance for you to access VPCs through aconnection. A virtual interface links a connection with one or more virtualgateways, each of which is associated with a VPC, so that your on-premisesnetwork can access all these VPCs.

Accessing Direct ConnectThe public cloud provides a web-based user interface, the management console,for you to access the Direct Connect service.

● If you have registered an account, log in to the management console andchoose Networking > Direct Connect on the homepage.

● If you do not have an account, register an account with HUAWEI CLOUD firstby referring to Getting Started.

Direct ConnectService Overview 1 What Is Direct Connect?

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 2

2 Product Advantages

Direct Connect has the following advantages:

● Data securityYou can use Direct Connect to connect to VPCs in the cloud. With DirectConnect, a dedicated channel that is isolated from other networks is used forcommunication, ensuring high security.

● Low latencyA dedicated network is used for data transmission, which brings high networkperformance, low latency, and excellent user experience.

● High bandwidthA connection supports a maximum of 100 Gbit/s bandwidth, meeting variousbandwidth requirements.

● Seamless expansionYou can use Direct Connect to connect an on-premises data center to thecloud, which enables you to build a hybrid cloud in a flexible and scalablemanner.

Direct ConnectService Overview 2 Product Advantages

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 3

3 Application Scenarios

Access to Multiple VPCs from an On-premises Data CenterAfter you connect your on-premises data center to the cloud using Direct Connect,you can Cloud Connect to connect the VPC that your on-premises data center isaccessing to those in other regions, so that your on-premises data center canaccess all connected VPCs.

Hybrid Cloud DeploymentDirect Connect allows you to build a hybrid environment for your on-premisesdata center and leverage the scalability of the cloud to expand the computingcapability of your applications.

Direct ConnectService Overview 3 Application Scenarios

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 4

Figure 3-1 Hybrid cloud

Table 3-1 Comparisons of Direct Connect and VPN in hybrid cloud deployment

CloudService

Scenario Description Helpful Links

VirtualPrivateNetwork (VPN)

Connect an on-premises datacenter to thecloud throughan IPsec tunnel.

VPN uses an encryptedcommunications tunnel toconnect a VPC on the cloudto an on-premises datacenter and sends traffic overthe Internet. It isinexpensive, easy toconfigure, and easy to use.However, VPN connectionsmay be affected by theInternet quality.

Connecting to aVPC Through aVPN

DirectConnect

Connect an on-premises datacenter to thecloud using adedicatednetworkconnection.

Direct Connect providesphysical connectionsbetween VPCs and datacenters. It has theadvantages of low latencyand is very secure. DirectConnect is a good choicewhen there are strictrequirements on networktransmission quality.

Accessing MultipleVPCs over OneConnection

Direct ConnectService Overview 3 Application Scenarios

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 5

4 Network Planning

OverviewYou can connect your data center to the cloud using either type of connection:

● Standard connectionA standard connection provides a dedicated port for your exclusive use. Youcan create standard connections on the console. You can have more than oneconnection terminated at different locations, and these connections mutuallyback up each other, improving the network reliability. If there is only onecarrier due to special requirements, you must configure different routes foryour connections.

Figure 4-1 Accessing the cloud using standard connections

● Hosted connectionIf you use a hosted connection to access the cloud, you share the port withothers.After the partner connects to your on-premises data center and HUAWEICLOUD, the partner provisions a connection for you.

Direct ConnectService Overview 4 Network Planning

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 6

Figure 4-2 Accessing the cloud using hosted connections

ComparisonItem Standard Connection Hosted Connection

Port Exclusive port Shared port

Recommended bandwidth

1 Gbit/s to 100 Gbit/s < 1 Gbit/s

Estimatedconstructionperiod

Two to three months for lines inthe same city, and three to fourmonths for lines across cities

About one month

Implementation entity

You, leased line carrier, equipmentroom carrier, and HUAWEI CLOUD

You, leased line carrier,and HUAWEI CLOUD

Process ● You create a connection on theconsole to reserve a port.

● You contact the leased linecarrier and supervise thedeployment of the line fromyour data center to theequipment room at thelocation.

● You contact the equipmentroom carrier at your location tocomplete the cabling from yourdata center to the equipmentroom (if required) and connectthe jumper inside theequipment room.

● Your carrier works withHUAWEI CLOUD to commissionaccess devices.

● You complete required networkconfiguration on the console,including creating a virtualgateway and virtual interface.

● The partner deploysthe leased line fromyour data center to thelocation that youselected.

● The carrier completesthe commissioning ofaccess devices.

● You complete requirednetwork configurationon the console,including creating avirtual gateway andvirtual interface.

Direct ConnectService Overview 4 Network Planning

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 7

Item Standard Connection Hosted Connection

Pricing ● Pay HUAWEI CLOUD for theport usage duration (by monthor year).

● Pay the carrier of theequipment room at the locationfor the cabling inside theequipment room.

● Pay the carrier of equipmentroom at your premises for thecabling inside the equipmentroom.

● Pay the leased line carrier forconstruction and bandwidthusage. For details, see Billing.

● You do not need to payHUAWEI CLOUD forthe port usage.

● Pay the carrier ofequipment room atyour premises for thecabling inside theequipment room.

● Pay the leased carrierfor construction andbandwidth usage.

Network Requirements● Your on-premises network must use a single-mode fiber with a 1GE, 10GE,

40GE, or 100GE optical module to connect to the access device in the cloud.In addition, key parameters such as the LC, wavelength, and distance must bealigned with the location. Examples of optical module parameters: 1 GE, LCsingle-mode, 1310 nm, and 10 km

● Auto-negotiation for the port must be disabled.● Port speed and full-duplex mode must be manually configured.● 802.1Q VLAN encapsulation must be supported on the entire connection,

including intermediate devices.● Your device must support the Border Gateway Protocol (BGP) and BGP MD5

authentication or static routing.● (Optional) You can configure Bidirectional Forwarding Detection (BFD) on the

network.● The maximum transmission unit (MTU) supported at the physical layer is up

to 1522 bytes (14-byte Ethernet header + 4-byte VLAN tag + 1500-byte IPdatagram + 4-byte frame check sequence). The recommended value is 1500.

● Private IP addresses are recommended both on and off the cloud, and IPaddress ranges for interworking cannot conflict with each other.

Direct ConnectService Overview 4 Network Planning

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 8

5 Notes and Constraints

Resource Quota Remarks

Number of connectionsthat can be created byan account in eachregion

10 The quota cannot beincreased.

Number of virtualinterfaces that can becreated by an account ineach region

50 The quota cannot beincreased.

Number of routes forBGP sessions on a virtualinterface

100 The quota cannot beincreased.

Number of static routeson a virtual interface

50 The quota cannot beincreased.

Restrictions on LocationsBefore creating a connection, you need to select a location. Pay attention to thefollowing restrictions when you select a location:

● There may be more than one location in each region. In this case, networklatency from each location to different AZs in the region should be less than 5ms.

● If your workloads have high requirement for network latency, you can submita service ticket to consult the location that is the nearest to the AZ whereyour cloud servers reside.

Product Use Restrictions● The CIDR block of the VPC cannot overlap with the CIDR block used by the

on-premises network.The on-premises network cannot use 100.64.0.0/10, 127.0.0.0/8,169.254.0.0/16, and 224.0.0.0/3 because they are reserved for the VPC service.

Direct ConnectService Overview 5 Notes and Constraints

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 9

● Currently, 1GE and 10GE single-mode optical ports can transmit data up to 10km. If you need an optical port that can transmit data for more than 10 km,or you need a 40GE or 100GE port, you need to purchase optical modules byyourself.

● If you use a Direct Connect connect to access ELB, you must select Source IPhash as the load balancing algorithm and disable sticky sessions for ELB.

Construction Notes● Your construction company must comply with the regulations presented by

the equipment room carrier and engineers. In case of any violation, theconstruction cannot be completed.

● No optical-to-electrical converters can be hosted or installed in the equipmentroom.

● Network blocking due to state policies or HUAWEI CLOUD management willdelay the construction. In the event of such situation, contact your DirectConnect manager.

● The equipment room at a location is operated by a telecom carrier or a thirdparty. If there are fees for connecting your leased line to the equipment roomor an in-building cable, pay the fees to the equipment room carrier.

● You need to apply for a Letter of Authorization (LOA) and show the LOAwhen entering the equipment room for construction.

Direct ConnectService Overview 5 Notes and Constraints

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 10

6 Direct Connect Locations

Direct Connect provides a number of locations for you to choose from. You canrequest a port when creating a connection.

A location provides access to HUAWEI CLOUD in a region. Before using DirectConnect to access HUAWEI CLOUD, you must obtain the details of each location.

The following table lists the locations provided by Direct Connect and theirregions, cities, and data centers to help you access the cloud from the closestlocation. The specific address of each location is contained in the LOA thatHUAWEI CLOUD provides to you when you buy a connection on the console.

For more information, submit a service ticket or contact the sales manager.

Table 6-1 Direct Connect locations

Geographic Region

City Region Location IDC

Chinesemainland

Beijing CN North-Beijing4

Langfang-Guangyang-Huawei

Huawei

Beijing-Tongzhou-Huitian

Huitian

Beijing-Yizhuang-Centrin

Centrin DataSystems

Beijing-Yizhuang-Yatai

Yatai Zhongli

Chinesemainland

Shanghai CN East-Shanghai2

Shanghai-Pudong-GDS

GDS

Shanghai-Baoshan-Baoxin

Baoxin

Shanghai-Jiading-Sinnet

Sinnet

Direct ConnectService Overview 6 Direct Connect Locations

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 11

Geographic Region

City Region Location IDC

Suzhou CN East-Shanghai1

Suzhou-Kunshan-GDS

GDS

Suzhou-Wuzhong-Guoke

ChinaUnicom

Guangzhou CN South-Guangzhou

Guangzhou-Huangpu-Huaxinyuan

Bigone

Guangzhou-Fanyu-Universitytown

Bigone

Guiyang CN Southwest-Guiyang1

Guiyang-Gui'an-Mobile

China Mobile

Guiyang-Gui'an-Unicom

ChinaUnicom

AsiaPacific

Hong Kong CN-HongKong

Hong Kong-ShaTin-Telecom

ChinaTelecom

Hong Kong-SaiKung-Mobile

China Mobile

Bangkok AP-Bangkok Bangkok-NTT NTT

Bangkok-TRUE TRUE

Singapore AP-Singapore Singapore-DataPro

Equinix

Singapore-GlobalSwitch

GlobalSwitch

SouthAfrica

Johannesburg AF-Johannesburg

Johannesburg-Vodacom

Vodacom

Johannesburg-MTN

MTN

Johannesburg-ISParklands

InternetSolutionsParklands

Johannesburg-Teraco

Teraco

LatinAmerica

Mexico LA-MexicoCity1

Mexico City1-COM Ixtlahuaca

COMIxtlahuaca

Sao Paulo LA-Sao Paulo1 Sao Paulo-Telefonica

Telefonica

Direct ConnectService Overview 6 Direct Connect Locations

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 12

Geographic Region

City Region Location IDC

Sao Paulo-Equinix Equinix

Sao Paulo-ODATA OData

Santiago LA-Santiago Santiago-Paine Paine

Santiago-Claro Claro

Direct ConnectService Overview 6 Direct Connect Locations

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 13

7 Billing

You can create a standard connection for exclusive use of the port, or request ahosted connection from a partner to share a port with others.

Billing Items● Standard connection

The following figure shows the fees that you need to pay for a standardconnection.

Table 7-1 Standard connection pricing

Payee BillingItem

Description PaymentMethod

HUAWEICLOUD

Port The port is billed based on itsspecifications.

Prepayment(yearly/monthlysubscription)

One-timesetup

Currently, you will not be billedfor the one-time setup.

-

Direct ConnectService Overview 7 Billing

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 14

Payee BillingItem

Description PaymentMethod

Carrier orHUAWEICLOUDpartner

Leasedline

To connect your on-premises datacenter to the cloud, you need tolease a line from the carrier.

N/A

In-buildingcabling

If you lease a line for a carrier,you also need to pay for thecabling inside the carrier'sequipment room.

N/A

● Hosted connection

If you buy a hosted connection from a HUAWEI CLOUD partner, you share theport with other users and do not need to pay HUAWEI CLOUD for one-timesetup and the port.

The following figure shows the fees that you need to pay for a hostedconnection.

Table 7-2 Hosted connection billing details

Payee BillingItem

Description PaymentMethod

HUAWEICLOUDpartner

Leasedline

Your partner has establishednetwork connectivity withHUAWEI CLOUD. You need to paythe partner for the leased line.

N/A

For details, see Product Pricing Details.

Billing Mode

Prepayment (yearly/monthly subscription)

Changing Billing Mode

Currently, only Yearly/Monthly is supported, and it cannot be changed.

Direct ConnectService Overview 7 Billing

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 15

RenewalFor details, see Renewal Management.

Expiration and Overdue PaymentFor details, see Service Suspension and Resource Release and Payment andRepayment.

Direct ConnectService Overview 7 Billing

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 16

8 Permissions

If you need to assign different permissions to employees in your enterprise toaccess your Direct Connect resources, Identity and Access Management (IAM) is agood choice for fine-grained permissions management. IAM provides identityauthentication, permissions management, and access control, helping you securelymanage access to your HUAWEI CLOUD resources.

With IAM, you can use your account to create IAM users for your employees, andassign permissions to the users to control their access to specific resource types.For example, some software developers in your enterprise need to use DirectConnect but should not be allowed to delete other Direct Connect resources orperform any other high-risk operations. In this scenario, you can create IAM usersfor the software developers and grant them only the required permissions.

Skip this part if your HUAWEI CLOUD account does not require individual IAMusers for permissions management.

IAM is free. You pay only for the resources in your account. For more informationabout IAM, see the IAM Service Overview.

Direct Connect Permissions

By default, new IAM users do not have permissions assigned. You need to add auser to one or more groups, and attach permissions policies or roles to thesegroups. Users inherit permissions from the groups to which they are added andcan perform specified operations on cloud services.

Direct Connect is a project-level service deployed and accessed in specific physicalregions. To assign permissions to a user group, specify the scope as region-specificprojects and select projects for the permissions to take effect. If All projects isselected, the permissions will take effect for the user group in all region-specificprojects. When accessing Direct Connect, the users need to switch to a regionwhere they have been authorized to use this service.

You can grant permissions by using roles or policies.

● Roles: A type of coarse-grained authorization mechanism that definespermissions related to users responsibilities. Only a limited number of service-level roles for authorization are available. When using roles to grantpermissions, you need to also assign other roles that the permissions depend

Direct ConnectService Overview 8 Permissions

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 17

on to take effect. However, roles are not the ideal choice for fine-grainedauthorization and secure access control.

● Policies: A fine-grained authorization mechanism that defines permissionsrequired to perform operations on specific cloud resources under certainconditions. This mechanism allows for more flexible policy-basedauthorization, and meets the requirements for secure access control. Forexample, you can grant Direct Connect users the permissions for onlymanaging a certain type of resources.

Table 8-1 lists all system-defined roles or policies supported by Direct Connect.

Table 8-1 Direct Connect roles or policies

Role/PolicyName

Description Type Dependency

DirectConnectAdministrator

Has all permissions forDirect Connectresources.To have thesepermissions, users mustalso have the TenantGuest and VPCAdministratorpermissions.

System-definedrole

Tenant Guest and VPCAdministrator● VPC Administrator:

project-level policy,which must beassigned in the sameproject

● Tenant Guest: project-level policy, whichmust be assigned inthe same project

DCaaSPartner

Has permissions ofDirect Connect partners.Users who have thesepermissions can createhosted operations forothers.To have thesepermissions, users mustalso have the TenantGuest and VPCAdministratorpermissions.

System-definedrole

Tenant Guest and VPCAdministrator● VPC Administrator:

project-level policy,which must beassigned in the sameproject

● Tenant Guest: project-level policy, whichmust be assigned inthe same project

DCAASFullAccess

Permissions: allpermissions for DirectConnectScope: project-levelservice

System-definedpolicy

None

DCAASReadOnlyAccess

Permissions: read-onlypermissions for DirectConnectScope: project-levelservice

System-definedpolicy

None

Direct ConnectService Overview 8 Permissions

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 18

Table 8-2 lists common operations supported by each system-defined role orpolicy of Direct Connect.

Table 8-2 Common operations supported by each system-defined role or policy

Operation DirectConnectAdministrator

DCaaSPartner

DCAASFullAccess

DCAASReadOnlyAccess

Creating aconnection

√ √ √ ×

Viewing aconnection

√ √ √ √

Modifying aconnection

√ √ √ ×

Deleting aconnection

√ √ √ ×

Creating avirtualgateway

√ √ √ ×

Viewing avirtualgateway

√ √ √ √

Modifying avirtualgateway

√ √ √ ×

Deleting avirtualgateway

√ √ √ ×

Creating avirtualinterface

√ √ √ ×

Viewing avirtualinterface

√ √ √ √

Modifying avirtualinterface

√ √ √ ×

Deleting avirtualinterface

√ √ √ ×

Creating anoperationsconnection

√ √ √ ×

Direct ConnectService Overview 8 Permissions

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 19

Operation DirectConnectAdministrator

DCaaSPartner

DCAASFullAccess

DCAASReadOnlyAccess

Viewing anoperationsconnection

√ √ √ √

Modifying anoperationsconnection

√ √ √ ×

Deleting anoperationsconnection

√ √ √ ×

Creating ahostedconnection

√ √ √ ×

Viewing ahostedconnection

√ √ √ √

Modifying ahostedconnection

√ √ √ ×

Deleting ahostedconnection

√ √ √ ×

Reference● IAM Service Overview● Creating a User and Assigning Permissions

Direct ConnectService Overview 8 Permissions

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 20

9 Integration with Other Services

Figure 9-1 Direct Connect and other services

Table 9-1 Related services

CloudService

Function Reference

VirtualPrivate Cloud(VPC)

Create a VPC. Your on-premises datacenter can access this VPC throughDirect Connect.

Creating a VPC

Use VPC Peering to access other VPCsafter your data center has beenconnected to HUAWEI CLOUD.

Accessing MultipleVPCs Using VPCPeering

Direct ConnectService Overview 9 Integration with Other Services

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 21

CloudService

Function Reference

NATGateway

Allow on-premises servers to accessthe Internet or provide services thatare accessible from the Internet.

NAT Gateway

VPCEndpoint(VPCEP)

Create a VPC endpoint to connectyour on-premises data center to acloud service through a VPN or DirectConnect connection over the privatenetwork.

N/A

Cloud Eye Monitor Direct Connect resources andview visualized graphs.

Viewing Metrics

Identity andAccessManagement(IAM)

Grant different permissions for usersto access Direct Connect resources.This helps you securely control accessto Direct Connect resources.

Identity and AccessManagement

Cloud TraceService (CTS)

Record operations performed onDirect Connect.

Key OperationsRecorded by CTS

Direct ConnectService Overview 9 Integration with Other Services

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 22

10 Basic Concepts

10.1 ConnectionA connection is dedicated network connection between your on-premises datacenter and a Direct Connect location over a leased line.

Direct Connect provides ports only. After you request a connection, you need towork with the carrier and HUAWEI CLOUD to establish network connectivitybetween your data center and the cloud.

Connections are dedicated channels for on-premises data centers to access thecloud. Connections are more stable, reliable, and secure compared with Internet-based connections, and provide up to 10 Gbit/s bandwidth.

If you are a common user, you can request standard connections and hostedconnections.

● A standard connection has a dedicated port for your exclusive use and canhave multiple virtual interfaces associated.

● A hosted connection is created by a partner and allows you to share thededicated port with other users. The partner will allocate a VLAN andbandwidth for the hosted connection you request. You can associate only onevirtual interface with each hosted connection.

If you are a partner, you can request operations connections and create hostedconnections for your users.

● Similar to standard connections, an operations connection has a dedicatedport for your exclusive use and can have multiple virtual interfaces associated.

● A hosted connection is created for one of your users based on an operationsconnection.

If you are a common user, you need to lease a line from a carrier.

Connections support redundant configuration. If there are two connectionsterminated at different locations in the same region, they are mutually redundantand work in active/standby mode. If one connection becomes faulty, the other willstart to work, ensuring stable service running.

Direct ConnectService Overview 10 Basic Concepts

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 23

10.2 Virtual GatewayA virtual gateway is a logical gateway for accessing VPCs. Each VPC can haveonly one virtual gateway associated. A virtual gateway is bound to the VPC that isdirectly connected to a cloud private line. You can use the virtual gateway toconnect to the VPC to be accessed, and then use VPC Peering or CC to accessmultiple VPCs.

A VPC can be associated with only one virtual gateway. Multiple connections canaccess the same VPC through one virtual gateway.

10.3 Virtual InterfaceA virtual interface serves as an entrance for you to access VPCs through aconnection. A virtual interface links a connection with one or more virtualgateways, each of which is associated with a VPC, so that your on-premisesnetwork can access all these VPCs.

Virtual interfaces support static routing and BGP routing. You can choose BGProuting if you want to build a hybrid cloud more efficiently and reliably.

10.4 Region and AZ

ConceptA region and availability zone (AZ) identify the location of a data center. You cancreate resources in a specific region and AZ.

● Regions are divided based on geographical location and network latency.Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service(EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP(EIP), and Image Management Service (IMS), are shared within the sameregion. Regions are classified into universal regions and dedicated regions. Auniversal region provides universal cloud services for common tenants. Adedicated region provides specific services for specific tenants.

● An AZ contains one or more physical data centers. Each AZ has independentcooling, fire extinguishing, moisture-proof, and electricity facilities. Within anAZ, computing, network, storage, and other resources are logically dividedinto multiple clusters. AZs within a region are interconnected using high-speed optical fibers to support cross-AZ high-availability systems.

Figure 10-1 shows the relationship between regions and AZs.

Direct ConnectService Overview 10 Basic Concepts

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 24

Figure 10-1 Regions and AZs

HUAWEI CLOUD provides services in many regions around the world. Select aregion and AZ based on requirements. For more information, see HUAWEI CLOUDGlobal Regions.

Selecting a Region

When selecting a region, consider the following factors:

● Location

It is recommended that you select the closest region for lower networklatency and quick access. Regions within the Chinese mainland provide thesame infrastructure, BGP network quality, as well as resource operations andconfigurations. Therefore, if your target users are on the Chinese mainland,you do not need to consider the network latency differences when selecting aregion.

– If your target users are in Asia Pacific (excluding the Chinese mainland),select the CN-Hong Kong, AP-Bangkok, or AP-Singapore region.

– If your target users are in Africa, select the AF-Johannesburg region.

– If your target users are in Europe, select the EU-Paris region.

– If your target users are in Latin America, select the LA-Santiago region.

NO TE

The LA-Santiago region is located in Chile.

● Resource price

Resource prices may vary in different regions. For details, see Product PricingDetails.

Selecting an AZ

When deploying resources, consider your applications' requirements on disasterrecovery (DR) and network latency.

● For high DR capability, deploy resources in different AZs within the sameregion.

● For lower network latency, deploy resources in the same AZ.

Direct ConnectService Overview 10 Basic Concepts

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 25

Regions and EndpointsBefore you use an API to call resources, specify its region and endpoint. For moredetails, see Regions and Endpoints.

Direct ConnectService Overview 10 Basic Concepts

Issue 01 (2022-01-30) Copyright © Huawei Technologies Co., Ltd. 26